… allows users to operate at minimum privilege: do most of their work without privileges but temporarily acquire them where needed, all without leaving the shell workflow, integratable with shell scripts, pipelines and so on.
sudo has serious problems though. It's a relatively large SUID binary, i.e. privileged code that unprivileged users can invoke from their own context. It has a complicating configuration language, loadable plugins (ldap!), hostname matches and so on and so on.
Lennart Poettering /
npub1r9…yts2x
2024-04-29 07:32:14
in reply to nevent1q…k6nn
Author Public Key
npub1r9ngmtyw5c9qx49tw9rkty6v89yyq95sys9fzj69v6gy883zfcfsyyts2xPublished at
2024-04-29 07:32:14Event JSON
{
"id": "8a3bdfb3adace17949e6e7cb2ce420ebf09d45b607bb8189fab710e1f49d0af3",
"pubkey": "19668dac8ea60a0354ab714765934c3948401690240a914b456690439e224e13",
"created_at": 1714375934,
"kind": 1,
"tags": [
[
"e",
"9b7f12e65282a8d8970b4923a618ccf4af994b1ab3a9989ed9310fe525fdc07a",
"",
"root"
],
[
"p",
"19668dac8ea60a0354ab714765934c3948401690240a914b456690439e224e13"
],
[
"proxy",
"https://mastodon.social/users/pid_eins/statuses/112353341231792797",
"activitypub"
],
[
"L",
"pink.momostr"
],
[
"l",
"pink.momostr.activitypub:https://mastodon.social/users/pid_eins/statuses/112353341231792797",
"pink.momostr"
]
],
"content": "… allows users to operate at minimum privilege: do most of their work without privileges but temporarily acquire them where needed, all without leaving the shell workflow, integratable with shell scripts, pipelines and so on.\n\nsudo has serious problems though. It's a relatively large SUID binary, i.e. privileged code that unprivileged users can invoke from their own context. It has a complicating configuration language, loadable plugins (ldap!), hostname matches and so on and so on.",
"sig": "ea1697c1a84e1c796958c46a5ac1cb0ca2c63def205407cc6464dffe4b555dd3d1c85ddd2a40409c8eafdf9312cd7965c9761dff464a4f45f4daad1120784cb8"
}